This invention is in the field of computer security, and is more specifically directed to processor architecture with security provisions.
Especially in recent years, the security of computer systems has become an important issue in the computer industry. Operators of computer systems are rightfully concerned about the security of electronically stored information from unauthorized access, especially regarding sensitive and valuable business information. Also as is well known in the art and by the general public, malicious attacks of computer systems by way of computer viruses, and also by way of unauthorized access to computer networks, are also of significant concern. The disruption of computer networks, as well as the destruction of data or loss of secrecy to such data, can cause significant damage to modern business and government entities, not to mention to individual persons. In addition, the computer systems themselves can be compromised by electronic vandalism, so as to be temporarily or permanently disabled.
The issue of computer security concerns has been multiplied by the recent explosion in the widespread implementation and availability of computer-based systems, over a variety of platforms. Advances in computer and integrated circuit manufacturing technologies have permitted the widespread deployment of powerful portable computers, commonly referred to as “notebook” or “laptop” computers. A still-smaller type of computer system that has become popular is the personal digital assistant (PDA), operating according under the PALM operating system or the WindowsCE operating system. These classes of portable computers now often include wireless network capability, for communications to a local area network (LAN) or to the Internet, even in public places such as coffee shops and airport lounges. Of course, this wireless access provides even more vulnerability to unauthorized access.
Many additional electronic devices also now can be considered to be computer systems, although not in the traditional sense. For example, modern wireless telephone handsets are effectively computer systems, under the control of a microprocessor or microprocessor-like central processing unit that accesses local memory. Especially when implemented into the so-called 2.5G and 3G wireless services, these modern wireless telephone handsets carry out computer-like functions including Internet browsing, email functionality, and the like. Other non-traditional computer platforms include Internet appliances, web pads, biometrics, medical devices and the like. An example of a microprocessor device that is optimized for embedded and connected applications such as wireless telephone handsets and these other non-traditional computer systems is the OMAP dual-core processor available from Texas Instruments Incorporated, which combines a TMS320C55x™ DSP core and an enhanced ARM925 processor.
These new computer platform implementations, and their increased connectivity to the Internet, especially using wireless technology, are also vulnerable to security attacks, perhaps more so than conventional desktop computer workstations. In an example of such an attack, malicious emails with malevolent code attachments were broadcast to 2.5G and 3G wireless telephone handsets in Japan. The attacked handsets became controlled by the code, locking up some handsets while causing others to make unauthorized long distance calls; in fact, so many handsets called the emergency telephone numbers as to overwhelm the Japanese emergency response system. These and other security attacks cause significant economic and cultural disruptions.
In general, security breaches in the nature of viruses, worms, “bot” or “zombie” operation, and the like have exacted a significant economic cost on modern communications and computing systems. Significant resources have been developed to improve the security of all computer systems, including conventional computer workstations and also the new platforms containing embedded processors.
By way of further background, conventional computer operating systems generally include some amount of security functionality, to maintain system-level integrity and operability. However, as noted above in connection with the known security breaches, these operating system security features are often overcome by imaginative programming. In addition, the operating system level security applications rely upon the integrity of the underlying operating system itself. If the operating system itself is maliciously altered, then these conventional security approaches are ineffective.
By way of still further background, conventional “bootloader” routines are commonly used in modern computer systems, in virtually all platforms. A typical bootloader is a sequence of instructions for system initialization. The bootloader sequence is typically maintained in “firmware”, such as electrically-alterable or hard-coded read-only memory (ROM) in which the stored data persists after power-down. Upon power-up or system reset, the bootloader sequence is executed by the central processing unit (CPU), to transfer operating system user code from another persistent store (e.g., a hard disk drive in a conventional computer, or non-volatile memory in a portable device) into system program memory for execution. The bootloader then passes control to this operating system code.